The present invention relates to document processing generally and more particularly to document processing which is protected against unauthorized access.
Problems of security in information transmission have been addressed in various ways in the prior art. Various types of encryption techniques are presently used to provide desired levels of security for information transmission and to prevent unauthorized access thereto or modification thereof.
Protecting the security of documents at the time and location of their creation has not been addressed in the same manner. Generally, security of documents generated using electronic apparatus is ensured by physical security of the electronic apparatus. Thus computers or the storage media thereof are maintained in physically secure installations.
Ensuring the security of documents in environments wherein maintenance of the computers or the storage media in physically secure installations is impractical appears to be a problem stll awaiting a solution.
Various techniques are known for protection of communications against unauthorized access. Scrambling and various other forms of encryption are commonly employed for this purpose. Generally, an entire file is protected in this way.
There is described in applicant/inventor""s pending PCT patent application, PCT/US94/08684 an apparatus and method for creating and transmitting confidential documents, the disclosure of which is hereby incorporated by reference. Disclosed inter alia in this document is the encryption of only part of a document, wherein the header of the document is left unencrypted.
In computer operating systems and methods it is common for a user carrying out a first process to trigger the operation of a second process. The trigger is typically the entry of a predetermined command which can be achieved using a conventional keyboard or mouse.
Designing the trigger is relatively straightforward when the programmer has access to the first process and is allowed to make changes thereto in order to accommodate the predetermined command.
Increasingly, there are operating environments which are in extremely widespread use, but whose operating commands cannot be accessed and modified in practice by designers of such second processes. Such operating environments may include operating systems, such as WINDOWS, a trademark of Microsoft Corporation, and operating processes, such as WORD 2.0 FOR WINDOWS, a trademark of Microsoft Corporation.
Even when the operating commands can be accessed and modified by designers of such second processes, it is often impractical or uneconomical to do so, since such modifications would require changes such as the creation of new xe2x80x9cmacrosxe2x80x9d for each application. There may exist therefore many xe2x80x9cnon-modifiedxe2x80x9d operating environments for which the present invention is particularly suited.
The present invention concerns triggers operating in non-modified operating environments for enabling a user carrying out a first process to trigger the operation of a second process.
The present invention seeks to provide a secure document processing system, which preserves the security of documents processed thereby even in the absence of physical security at the location of the system.
There is thus provided in accordance with a preferred embodiment of the present invention, a secure document processing system including a document processor having an input device for inputting information in a non-secure form, an information storage medium associated with the document processor, and encryption apparatus associated with the document processor and with the information storage medium and being operative to encrypt all information received from the document processor prior to storage thereof by the information storage medium in a secure form.
In accordance with a preferred embodiment of the present invention, the system includes automatic encryption and storage apparatus which automatically encrypts and then stores information inputted by the input device periodically in order not to lose said information upon cessation of the supply of electrical power to the document processor. This cessation may be intentional or unintentional.
Additionally in accordance with a preferred embodiment of the present invention, the system includes automatic encryption and storage apparatus which automatically encrypts and then stores information inputted by the input device upon interruption of information input for at least a predetermined time. Such interruption is normally indicative of the possible absence or lack of attention of the user.
There is also provided in accordance with a preferred embodiment of the present invention a secure document processing system including a document processor having an input device for inputting information in a non-secure form, an information output device associated with the document processor, and encryption apparatus associated with the document processor and with the information output device and being operative to encrypt all information received from the document processor prior to output thereof by the information output device in a secure form.
In accordance with a preferred embodiment of the present invention, the system includes automatic encryption and output apparatus which automatically encrypts and then outputs information inputted by the input device periodically in order not to lose said information upon cessation of the supply of electrical power to the document processor.
Additionally in accordance with a preferred embodiment of the present invention, the system includes automatic encryption and output apparatus which automatically encrypts and then outputs information inputted by the input device upon interruption of information input for at least a predetermined time.
Preferably, the document processor is incapable of storing information in a non-secure form.
The information storage medium may be any suitable information storage medium, such as a magnetic medium. The information output device may be a printer or information transmitter.
There is additionally provided in accordance with a preferred embodiment of the present invention a secure document processing method including generating a document in a non-secure form on a document processor using an input device for inputting information, encrypting all information received from the document processor prior to storage thereof, and storing of the information following encryption thereof on an information storage medium.
In accordance with a preferred embodiment of the present invention, the method includes automatic encryption and storage of information inputted by the input device periodically in order not to lose said information upon cessation of the supply of electrical power to the document processor.
Additionally in accordance with a preferred embodiment of the present invention, the method includes automatic encryption and storage of information inputted by the input device upon interruption of information input for at least a predetermined time.
There is further provided in accordance with a preferred embodiment of the present invention a secure document processing method including generating a document in a non-secure form on a document processor using an input device for inputting information, encrypting all information received from the document processor prior to output thereof, and outputting of the information following encryption thereof on an information storage medium.
In accordance with a preferred embodiment of the present invention, the method includes automatic encryption and outputting of information inputted by the input device periodically in order not to lose said information upon cessation of the supply of electrical power to the document processor.
Additionally in accordance with a preferred embodiment of the present invention, the method includes automatic encryption and outputting of information inputted by the input device upon interruption of information input for at least a predetermined time.
In such cases, no information is retained in a non-secure form at the document processor.
Preferably, the method includes prevention of storage of information in a non-secure form.
The document processor may be a computer, such as a personal computer, equipped with a word and/or graphics processing program.
The present invention also seeks to provide an improved apparatus and method for protecting documents which, it is believed, will have broad application.
There is thus provided in accordance with a preferred embodiment of the present invention a system for selectable encryption of documents including a document generator and a user-controlled document encryptor operative to encrypt user-selected portions of a document generated on the document generator.
In accordance with a preferred embodiment of the invention, the document generator comprises a computer having a word processing functionality and the user-controlled document encryptor comprises a hardware and/or software embodied functionality which enables the user to select portions of the document to be encrypted
There is also provided in accordance with a preferred embodiment of the present invention a method for selectable encryption of documents including generating a document and encrypting user-selected portions of the document.
There is additionally provided in accordance with a preferred embodiment of the present invention a partially encrypted document produced using the method or the apparatus of the present invention.
In accordance with one embodiment of the present invention, a cut and paste functionality is employed for selecting portions of the document to be encrypted. Alternatively, text delimiters may be employed for selecting portions of the document to be encrypted.
Selection of the portions of the document to be encrypted may be carried out concurrently with generation of the document or after generation thereof. The encryption can take place either on-line or off-line.
In accordance with a preferred embodiment of the present invention, the control characters employed in word processing are not encrypted. Accordingly, the selectably encrypted document may retain the format of the corresponding unencrypted document.
The document may include both text and graphics. The graphics may be encrypted in a bit-map format.
It is appreciated that the present invention is equally applicable to decryption of documents.
The present invention also seeks to provide a mechanism and technique useful in a non-modified operating environment for enabling a user carrying out a first process to trigger the operation of a second process.
There is thus provided in accordance with a preferred embodiment of the present invention a computer system including a first operating process operating in a non-modified operating environment and having at least one operating command which is normally employed only in a given mode in the first operating process, and at least one second operating process, the improvement comprising a trigger for enabling a user operating the first operating process to initiate the second operating process, the trigger comprising said at least one operating command used in a mode other than said given mode.
There is also provided in accordance with a preferred embodiment of the present invention for use in a computer system including a first operating process operating in a non-modified operating environment and having at least one operating command which is normally employed only in a given mode in the first operating process, and at least one second operating process, a method for enabling a user operating the first operating process to initiate the second operating process, the method comprising entering said at least one operating command in a mode other than said given mode.
The invention is particularly suitable for situations wherein the first operating process operates in a non-modified operating environment.
In accordance with a preferred embodiment of the present invention, the first operating process is a text editing process.
Additionally in accordance with a preferred embodiment of the present invention, the given mode is a single, non-repeated entry. Preferably the mode other than the given mode is a sequential repeated entry.
In accordance with a preferred embodiment of the present invention, the at least one operating command is a copy command.
Further in accordance with a preferred embodiment of the present invention the non-modified operating environment is a WINDOWS environment.
The second operating process may be any suitable process, such as a text encryption process described hereinabove. Another suitable second operating process is a spell checking process. The second operating process also could be, for example, a language translation process, a text capitalizing process, a text to speech conversion process or a decryption process.